
LAN to LAN VPN - with 3 peers

Hi All

I'm trying to set up LAN to LAN VPN on a Cisco 1812 router.

Until now we have only had one peer, but now I need to peer with two other locations.

I've tried to add two more crypto maps, with unique sequence numbers, but I can only apply one crypto map on an interface...

I've tried to add the two new peers to my current crypto map, but I need to control that if you are trying to reach a specific subnet, then the router should use a specific peer... Right now it's just trying the first listed peer in my crypto map.

Here is my running-config:

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key KEY address PEER1-IP
crypto isakmp key KEY address PEER2-IP
crypto isakmp key KEY address PEER3-IP

crypto ipsec transform-set L2L_STIBO esp-3des esp-sha-hmac

crypto map L2L 10 ipsec-isakmp
 set peer PEER1-IP
 set peer PEER2-IP
 set peer PEER3-IP
 set transform-set L2L_STIBO
 match address 199

access-list 199 permit ip host 10.31.46.65 host PEER1-IP
access-list 199 permit ip host 10.31.46.66 host PEER1-IP
access-list 199 permit ip host 10.31.46.65 host PEER2-IP
access-list 199 permit ip host 10.31.46.66 host PEER2-IP
access-list 199 permit ip host 10.31.46.65 host PEER3-IP
access-list 199 permit ip host 10.31.46.66 host PEER3-IP

interface fa1
 crypto map L2L

I need to control that if a host is trying to reach PEER3-IP, I should use PEER3 and not PEER1. Right now all is just matched at the access-list, and the router is trying to use the first listed IP in the crypto map (PEER1).

How do I set that up properly?

Best Regards, Steffen

1 Accepted Solution


ajay chauhan
Level 7

Hi,

You basically need to configure different crypto map sequences, in which the crypto map name will be the same but the sequences will change.

crypto map L2L 10 ipsec-isakmp

crypto map L2L 20 ipsec-isakmp

crypto map L2L 30 ipsec-isakmp

Under every sequence number you can set the policies; three different ACLs are also required.

Thanks

Ajay


Should I also make an isakmp policy for every sequence number?

No, phase 1 can be common if the remote sites are also configured for the same policy. In case a remote has got different policies, then all those policies are supposed to be configured on this router as well.

Thanks

Ajay
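
The layout described in the accepted answer and the follow-up reply, written out as an added example that is not part of the original posts: one shared ISAKMP policy, and one crypto map sequence per peer, each matching its own ACL. ACL numbers 101 to 103 are assumed; KEY and PEERn-IP are the placeholders from the question.

```cisco
! Added example, not from the original thread.
! Assumed: ACL numbers 101-103. KEY and PEERn-IP are the question's placeholders.
!
! Phase 1: a single ISAKMP policy shared by all three peers
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key KEY address PEER1-IP
crypto isakmp key KEY address PEER2-IP
crypto isakmp key KEY address PEER3-IP
!
! Transform set kept exactly as in the question
crypto ipsec transform-set L2L_STIBO esp-3des esp-sha-hmac
!
! Same crypto map name, one sequence per peer, one ACL per sequence.
! Traffic is checked against the sequences in ascending order and the
! first ACL that permits it decides which peer is used.
crypto map L2L 10 ipsec-isakmp
 set peer PEER1-IP
 set transform-set L2L_STIBO
 match address 101
crypto map L2L 20 ipsec-isakmp
 set peer PEER2-IP
 set transform-set L2L_STIBO
 match address 102
crypto map L2L 30 ipsec-isakmp
 set peer PEER3-IP
 set transform-set L2L_STIBO
 match address 103
!
! The entries of the old ACL 199, split by destination peer
access-list 101 permit ip host 10.31.46.65 host PEER1-IP
access-list 101 permit ip host 10.31.46.66 host PEER1-IP
access-list 102 permit ip host 10.31.46.65 host PEER2-IP
access-list 102 permit ip host 10.31.46.66 host PEER2-IP
access-list 103 permit ip host 10.31.46.65 host PEER3-IP
access-list 103 permit ip host 10.31.46.66 host PEER3-IP
!
! Still only one crypto map on the interface; it now carries all three sequences
interface fa1
 crypto map L2L
```

`show crypto map` lists the peer and ACL bound to each sequence, which confirms that each destination is tied to the intended peer. Each remote site needs a crypto ACL that mirrors the matching ACL here.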